SlideShare a Scribd company logo

IP Multicast on ec2

Kenta Yasukawa
Kenta Yasukawa

This document discusses using IP multicast and layer 2 networking techniques in AWS VPC to enable features like VRRP and software load balancers. It describes how to implement pseudo broadcast/multicast in VPC using IP multicast and packet duplication. Examples are provided showing how to configure LVS and Keepalived for VRRP heartbeat and failover. The document concludes that VPC provides more flexibility and options for architecting compared to EC2-Classic.

Technology
1 of 23
IP Multicast on EC2 -- Who said VRRP doesn’t work on AWS?-- Kenta Yasukawa Solutions Architect Amazon Data Services Japan
What this presentation is about My experiences on low layer networking stuff on EC2 • Around L3 or L2 • No L1 stuff We can’t reach L1 of AWS
Do you use VPC? EC2-Classic Amazon Virtual Private Cloud (VPC) Each user gets private sections to deploy instances
VPC is not only for private networks What EC2-VPC can do whereas EC2-Classic cannot • Static private IP address allocation • Multiple IP addresses allocation • Multiple network interfaces • Dynamic security group membership configuration • Outbound packet filtering by security group • NACL • …
L2 looks different from an EC2 instance EC2-Classic • Same answer for any ARP request EC2-VPC • Familiar output!
It means L2 tricks may work in VPC L2 NAT (e.g. ebtables, tc) Software which requires L2 addressing (e.g. LVS) DSR (Direct Server Return) Load balancer Pseudo IP broadcast/multicast Will explain this in more detail
How Pseudo L2 Broadcast works VPC Subnet IP Multicast Dst: Ethernet Broadcast address Src: Sender’s MAC address Duplicate Unicast-ify Note: Disable Src/Dest on ENI Fine. Let’s use unicast then. IP Multicast packet is sent over Ethernet broadcast frame which just goes into black hole on EC2 Applications bind to IP address, not MAC address. So most of them just work fine.
How to implement Script below is based on packet capturing (Just a Proof of Concept) • Easy to understand • It performs ok for an ENI which does not get much traffic • Daemonizing is necessary (e.g. supervisord) https://gist.github.com/kntyskw/5231182
How to implement tc mirred + pedit + csum The sample shell script configures tc to perform the job https://gist.github.com/kntyskw/5633755 Much better both from performance and maintenance perspective A little trickier to understand, though Requires two ENIs for a subnet because tc mirred does not like to send loop for copied packets # ec2_multicast.sh <interface to grab multicast packets from> <interface to send modified packets to> [target MAC address 1] [target MAC address 2] ... # ec2_multicast.sh eth0 eth1 00:11:22:33:44:55 66:77:88:99:aa:bb Example: Usage:
Determine neighbors’ MAC addresses Use AWS API • Example: https://gist.github.com/kntyskw/5413698
Is it useful? It has quite some overhead since a packet is duplicated and sent multiple times But maybe ok to use for infrequent messaging? Sure. Don’t use it for sreaming HD movies Right. So, what about using it for node discovery and heartbeating? Ask yourself. Yeah, like VRRP?
Let’s now try to make VRRP work Virtual Router Redundancy Protocol (VRRP) • Gives a virtual IP address to a group of nodes (VRRP group) which forms a fault tolerant cluster • Nodes in a VRRP group communite with IP multicast
Verification with LVS + Keepalived VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elastic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.101 VRRP Normal state Request routing path
Verification with LVS + Keepalived VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elastic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.101 VRRP Upon failover Request routing path
How to take over an IP address VPC is not using ARP to determine dest MAC address • Needs to provision the mapping b/w IP address and ENI Call AWS API to reassign VIP from Master to backup upon failover https://gist.github.com/kntyskw/5417140
Keepalived configuration Execute the script when promoted to the master vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.31.24.1 dev eth0 } notify_master /etc/keepalived/assign_vip.sh }
Advantages of using LVS UDP load balancing! • Neither ELB nor HAProxy can do LVS does not need to terminate TCP • Lower overhead No need to involve user land process • Lower latency • Higher throughput
Quick benchmarking results sss LVS v.s. HAProxy • Both run on a m1.small instance • Tested to fetch a 4KB HTML file with BeesWithMachineGuns • Each of 8 bees will fire 2000 rounds, 10 at a time. 0 500 1000 1500 2000 2500 3000 3500 4000 4500 LVS HAProxy Requestperseconds Throughput 0 10 20 30 40 50 60 Average tp50 tp90 ResponseTimein[ms] Response Time LVS HAProxy
Things to note when you depend on L2 VPC Subnet cannot span across multiple AZs ENI cannot reach a subnet in a different AZ Availability Zone Availability Zone VPC Subnet Availability Zone Availability Zone
Building Multi-AZ architecture with LVS VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elatic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.1 01 VRRP If you can use multiple IP addresses • Use DNS RR as well as ELB does • Route53 Health Check can be used to detect failure Request flow VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.64.0/20 Secondary: 172.31.78.1 Primary: 172.31.78. 100 Primary: 172.31.78.101 VRRP Availability Zone Availability Zone Amazon Route 53
Building Multi-AZ architecture with LVS VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elatic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.1 01 VRRP If you have to stick to one single IP address (e.g. due to NAT traversal issue for UDP based services) • Perform Heartbeating b/w VRRP master nodes and move EIP upon failover Request flow Availability Zone Availability Zone VPC Subnet LVS + keepalived WebWebWeb 172.31.64.0/20 Primary: 172.31.78.101 VRRP LVS + keepalived Secondary: 172.31.78.1 Primary: 172.31.78. 100
Concluding remarks VPC gives you freedom on L2 which allows: • L2 NAT • L2 addressing • Pseudo Broadcast/Multicast Pseudo IP Multicast enables most applications which require IP multicast • Confirmed LVS + Keepalived works well LVS has advantages over other LBs depending on use cases • Don’t forget to build Multi-AZ architecture Use VPC and get more options for architecting!
IP Multicast on ec2

Recommended

Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitecturePaul Mooney
 
Zabbix
ZabbixZabbix
Zabbixpundir5
 
[NDC17] Kubernetes로 개발서버 간단히 찍어내기
[NDC17] Kubernetes로 개발서버 간단히 찍어내기[NDC17] Kubernetes로 개발서버 간단히 찍어내기
[NDC17] Kubernetes로 개발서버 간단히 찍어내기SeungYong Oh
 
Apache Kafka - Martin Podval
Apache Kafka - Martin PodvalApache Kafka - Martin Podval
Apache Kafka - Martin PodvalMartin Podval
 
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech Talks
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech TalksUsing the New Network Load Balancer with Amazon ECS - AWS Online Tech Talks
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech TalksAmazon Web Services
 
MicroServices with Containers, Kubernetes & ServiceMesh
MicroServices with Containers, Kubernetes & ServiceMeshMicroServices with Containers, Kubernetes & ServiceMesh
MicroServices with Containers, Kubernetes & ServiceMeshAkash Agrawal
 
Wowza설치및사용법
Wowza설치및사용법Wowza설치및사용법
Wowza설치및사용법dasom im
 
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMware
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMwareEvent Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMware
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMwareHostedbyConfluent
 

Recommended

Microservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitectureMicroservice vs. Monolithic Architecture
Microservice vs. Monolithic ArchitecturePaul Mooney
 
Zabbix
ZabbixZabbix
Zabbixpundir5
 
[NDC17] Kubernetes로 개발서버 간단히 찍어내기
[NDC17] Kubernetes로 개발서버 간단히 찍어내기[NDC17] Kubernetes로 개발서버 간단히 찍어내기
[NDC17] Kubernetes로 개발서버 간단히 찍어내기SeungYong Oh
 
Apache Kafka - Martin Podval
Apache Kafka - Martin PodvalApache Kafka - Martin Podval
Apache Kafka - Martin PodvalMartin Podval
 
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech Talks
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech TalksUsing the New Network Load Balancer with Amazon ECS - AWS Online Tech Talks
Using the New Network Load Balancer with Amazon ECS - AWS Online Tech TalksAmazon Web Services
 
MicroServices with Containers, Kubernetes & ServiceMesh
MicroServices with Containers, Kubernetes & ServiceMeshMicroServices with Containers, Kubernetes & ServiceMesh
MicroServices with Containers, Kubernetes & ServiceMeshAkash Agrawal
 
Wowza설치및사용법
Wowza설치및사용법Wowza설치및사용법
Wowza설치및사용법dasom im
 
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMware
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMwareEvent Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMware
Event Streaming with Kafka Streams and Spring Cloud Stream | Soby Chacko, VMwareHostedbyConfluent
 
Big Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingBig Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingAraf Karsh Hamid
 
Composable Software Architecture with Spring
Composable Software Architecture with SpringComposable Software Architecture with Spring
Composable Software Architecture with SpringSam Brannen
 
How I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with AirflowHow I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with AirflowPyData
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactAraf Karsh Hamid
 
Git interview questions | Edureka
Git interview questions | EdurekaGit interview questions | Edureka
Git interview questions | EdurekaEdureka!
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSJoel W. King
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...InfluxData
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservicesAnil Allewar
 
Containerization
ContainerizationContainerization
ContainerizationGowtham Ventrapati
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native ApplicationEmiliano Pecis
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyAditya Gupta
 
The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS NATS
 
Owasp zap
Owasp zapOwasp zap
Owasp zapColdFusionConference
 
Streaming Visualization
Streaming VisualizationStreaming Visualization
Streaming VisualizationGuido Schmutz
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
GraphQL Security
GraphQL SecurityGraphQL Security
GraphQL SecurityShiu-Fun Poon
 
Google Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixGoogle Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixMax Kuzkin
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance TuningRicardo Santos
 
Ha of load balancer
Ha of load balancerHa of load balancer
Ha of load balancerDaeMyung Kang
 
Applibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWSApplibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWSKenta Yasukawa
 

More Related Content

What's hot

Big Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingBig Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingAraf Karsh Hamid
 
Composable Software Architecture with Spring
Composable Software Architecture with SpringComposable Software Architecture with Spring
Composable Software Architecture with SpringSam Brannen
 
How I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with AirflowHow I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with AirflowPyData
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactAraf Karsh Hamid
 
Git interview questions | Edureka
Git interview questions | EdurekaGit interview questions | Edureka
Git interview questions | EdurekaEdureka!
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSJoel W. King
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...InfluxData
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservicesAnil Allewar
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native ApplicationEmiliano Pecis
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyAditya Gupta
 
The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS NATS
 
Streaming Visualization
Streaming VisualizationStreaming Visualization
Streaming VisualizationGuido Schmutz
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
Google Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixGoogle Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixMax Kuzkin
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance TuningRicardo Santos
 

What's hot (20)

Big Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingBig Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb Sharding
 
Composable Software Architecture with Spring
Composable Software Architecture with SpringComposable Software Architecture with Spring
Composable Software Architecture with Spring
 
How I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with AirflowHow I learned to time travel, or, data pipelining and scheduling with Airflow
How I learned to time travel, or, data pipelining and scheduling with Airflow
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito Pact
 
Git interview questions | Edureka
Git interview questions | EdurekaGit interview questions | Edureka
Git interview questions | Edureka
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOS
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
 
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
How to Introduce Telemetry Streaming (gNMI) in Your Network with SNMP with Te...
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservices
 
Containerization
ContainerizationContainerization
Containerization
 
The Need of Cloud-Native Application
The Need of Cloud-Native ApplicationThe Need of Cloud-Native Application
The Need of Cloud-Native Application
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
 
The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS The Zen of High Performance Messaging with NATS
The Zen of High Performance Messaging with NATS
 
Owasp zap
Owasp zapOwasp zap
Owasp zap
 
Streaming Visualization
Streaming VisualizationStreaming Visualization
Streaming Visualization
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explained
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
GraphQL Security
GraphQL SecurityGraphQL Security
GraphQL Security
 
Google Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with ZabbixGoogle Cloud Platform monitoring with Zabbix
Google Cloud Platform monitoring with Zabbix
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
 

Viewers also liked

Applibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWSApplibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWSKenta Yasukawa
 
Radical ideas from the book: The Practice of Cloud System Administration
Radical ideas from the book: The Practice of Cloud System AdministrationRadical ideas from the book: The Practice of Cloud System Administration
Radical ideas from the book: The Practice of Cloud System AdministrationTom Limoncelli
 
Multicast on Cisco Network
Multicast on Cisco NetworkMulticast on Cisco Network
Multicast on Cisco Networkhome
 
IP Multicast Explained
IP Multicast ExplainedIP Multicast Explained
IP Multicast ExplainedMetaswitch NTD
 
Redis & Redis HA design with Keepalived
Redis & Redis HA design with KeepalivedRedis & Redis HA design with Keepalived
Redis & Redis HA design with KeepalivedToshiki Inami
 
EC2でkeepalived+LVS(DSR)
EC2でkeepalived+LVS(DSR)EC2でkeepalived+LVS(DSR)
EC2でkeepalived+LVS(DSR)Sugawara Genki
 
Redis High availability and fault tolerance in a multitenant environment
Redis High availability and fault tolerance in a multitenant environmentRedis High availability and fault tolerance in a multitenant environment
Redis High availability and fault tolerance in a multitenant environmentIccha Sethi
 
Bootstrapping - Session 1 - Your First Week with Amazon EC2
Bootstrapping - Session 1 - Your First Week with Amazon EC2Bootstrapping - Session 1 - Your First Week with Amazon EC2
Bootstrapping - Session 1 - Your First Week with Amazon EC2Amazon Web Services
 
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT kartik patel
 
EMC Academic Alliance Partnering Schools
EMC Academic Alliance Partnering SchoolsEMC Academic Alliance Partnering Schools
EMC Academic Alliance Partnering SchoolsEMC
 
The midnight visitor
The midnight visitorThe midnight visitor
The midnight visitorGirish Arabbi
 
Presentation 4Q15 - CPFL Energia
Presentation 4Q15 - CPFL EnergiaPresentation 4Q15 - CPFL Energia
Presentation 4Q15 - CPFL EnergiaCPFL RI
 

Viewers also liked (20)

Ha of load balancer
Ha of load balancerHa of load balancer
Ha of load balancer
 
Applibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWSApplibot presents Smartphone Game on AWS
Applibot presents Smartphone Game on AWS
 
Radical ideas from the book: The Practice of Cloud System Administration
Radical ideas from the book: The Practice of Cloud System AdministrationRadical ideas from the book: The Practice of Cloud System Administration
Radical ideas from the book: The Practice of Cloud System Administration
 
Multicast on Cisco Network
Multicast on Cisco NetworkMulticast on Cisco Network
Multicast on Cisco Network
 
IP Multicast Explained
IP Multicast ExplainedIP Multicast Explained
IP Multicast Explained
 
Advanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast DeploymentAdvanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast Deployment
 
IP Multicasting
IP MulticastingIP Multicasting
IP Multicasting
 
Redis & Redis HA design with Keepalived
Redis & Redis HA design with KeepalivedRedis & Redis HA design with Keepalived
Redis & Redis HA design with Keepalived
 
Ip multicast
Ip multicastIp multicast
Ip multicast
 
EC2でkeepalived+LVS(DSR)
EC2でkeepalived+LVS(DSR)EC2でkeepalived+LVS(DSR)
EC2でkeepalived+LVS(DSR)
 
IP Multicasting
IP MulticastingIP Multicasting
IP Multicasting
 
Redis High availability and fault tolerance in a multitenant environment
Redis High availability and fault tolerance in a multitenant environmentRedis High availability and fault tolerance in a multitenant environment
Redis High availability and fault tolerance in a multitenant environment
 
Bootstrapping - Session 1 - Your First Week with Amazon EC2
Bootstrapping - Session 1 - Your First Week with Amazon EC2Bootstrapping - Session 1 - Your First Week with Amazon EC2
Bootstrapping - Session 1 - Your First Week with Amazon EC2
 
OpenSIPS Workshop
OpenSIPS WorkshopOpenSIPS Workshop
OpenSIPS Workshop
 
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT
A FINANCIAL ANALYSIS OF RATIOS & CASH FLOW STATETMENT
 
EMC Academic Alliance Partnering Schools
EMC Academic Alliance Partnering SchoolsEMC Academic Alliance Partnering Schools
EMC Academic Alliance Partnering Schools
 
Método nissino
Método nissinoMétodo nissino
Método nissino
 
Apostila
ApostilaApostila
Apostila
 
The midnight visitor
The midnight visitorThe midnight visitor
The midnight visitor
 
Presentation 4Q15 - CPFL Energia
Presentation 4Q15 - CPFL EnergiaPresentation 4Q15 - CPFL Energia
Presentation 4Q15 - CPFL Energia
 

Similar to IP Multicast on ec2

Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWS
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWSArquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWS
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWSAmazon Web Services LATAM
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networksOCTO Technology
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPROIDEA
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Building services on AWS in China region
Building services on AWS in China regionBuilding services on AWS in China region
Building services on AWS in China regionRoman Naumenko
 
Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingLee Calcote
 
From Monolith to Docker Distributed Applications
From Monolith to Docker Distributed ApplicationsFrom Monolith to Docker Distributed Applications
From Monolith to Docker Distributed ApplicationsCarlos Sanchez
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker ContainersBob Sokol
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker ContainersAndrey Sibirev
 
Bitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by KubernetesBitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by KubernetesNathan Burrell
 
Dragonflow Austin Summit Talk
Dragonflow Austin Summit Talk Dragonflow Austin Summit Talk
Dragonflow Austin Summit Talk Eran Gampel
 
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...Amazon Web Services
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
Dragonflow 01 2016 TLV meetup
Dragonflow 01 2016 TLV meetup Dragonflow 01 2016 TLV meetup
Dragonflow 01 2016 TLV meetup Eran Gampel
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...Amazon Web Services
 

Similar to IP Multicast on ec2 (20)

Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWS
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWSArquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWS
Arquitetura Hibrida - Integrando seu Data Center com a Nuvem da AWS
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networks
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
 
Building services on AWS in China region
Building services on AWS in China regionBuilding services on AWS in China region
Building services on AWS in China region
 
nested-kvm
nested-kvmnested-kvm
nested-kvm
 
Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container Networking
 
From Monolith to Docker Distributed Applications
From Monolith to Docker Distributed ApplicationsFrom Monolith to Docker Distributed Applications
From Monolith to Docker Distributed Applications
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker Containers
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker Containers
 
Bitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by KubernetesBitbucket Pipelines - Powered by Kubernetes
Bitbucket Pipelines - Powered by Kubernetes
 
Dragonflow Austin Summit Talk
Dragonflow Austin Summit Talk Dragonflow Austin Summit Talk
Dragonflow Austin Summit Talk
 
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
AWS re:Invent 2016: Optimizing Network Performance for Amazon EC2 Instances (...
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Sheep it
Sheep itSheep it
Sheep it
 
Dragonflow 01 2016 TLV meetup
Dragonflow 01 2016 TLV meetup Dragonflow 01 2016 TLV meetup
Dragonflow 01 2016 TLV meetup
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

IP Multicast on ec2

  • 1. IP Multicast on EC2 -- Who said VRRP doesn’t work on AWS?-- Kenta Yasukawa Solutions Architect Amazon Data Services Japan
  • 2. What this presentation is about My experiences on low layer networking stuff on EC2 • Around L3 or L2 • No L1 stuff We can’t reach L1 of AWS
  • 3. Do you use VPC? EC2-Classic Amazon Virtual Private Cloud (VPC) Each user gets private sections to deploy instances
  • 4. VPC is not only for private networks What EC2-VPC can do whereas EC2-Classic cannot • Static private IP address allocation • Multiple IP addresses allocation • Multiple network interfaces • Dynamic security group membership configuration • Outbound packet filtering by security group • NACL • …
  • 5. L2 looks different from an EC2 instance EC2-Classic • Same answer for any ARP request EC2-VPC • Familiar output!
  • 6. It means L2 tricks may work in VPC L2 NAT (e.g. ebtables, tc) Software which requires L2 addressing (e.g. LVS) DSR (Direct Server Return) Load balancer Pseudo IP broadcast/multicast Will explain this in more detail
  • 7. How Pseudo L2 Broadcast works VPC Subnet IP Multicast Dst: Ethernet Broadcast address Src: Sender’s MAC address Duplicate Unicast-ify Note: Disable Src/Dest on ENI Fine. Let’s use unicast then. IP Multicast packet is sent over Ethernet broadcast frame which just goes into black hole on EC2 Applications bind to IP address, not MAC address. So most of them just work fine.
  • 8. How to implement Script below is based on packet capturing (Just a Proof of Concept) • Easy to understand • It performs ok for an ENI which does not get much traffic • Daemonizing is necessary (e.g. supervisord) https://gist.github.com/kntyskw/5231182
  • 9. How to implement tc mirred + pedit + csum The sample shell script configures tc to perform the job https://gist.github.com/kntyskw/5633755 Much better both from performance and maintenance perspective A little trickier to understand, though Requires two ENIs for a subnet because tc mirred does not like to send loop for copied packets # ec2_multicast.sh <interface to grab multicast packets from> <interface to send modified packets to> [target MAC address 1] [target MAC address 2] ... # ec2_multicast.sh eth0 eth1 00:11:22:33:44:55 66:77:88:99:aa:bb Example: Usage:
  • 10. Determine neighbors’ MAC addresses Use AWS API • Example: https://gist.github.com/kntyskw/5413698
  • 11. Is it useful? It has quite some overhead since a packet is duplicated and sent multiple times But maybe ok to use for infrequent messaging? Sure. Don’t use it for sreaming HD movies Right. So, what about using it for node discovery and heartbeating? Ask yourself. Yeah, like VRRP?
  • 12. Let’s now try to make VRRP work Virtual Router Redundancy Protocol (VRRP) • Gives a virtual IP address to a group of nodes (VRRP group) which forms a fault tolerant cluster • Nodes in a VRRP group communite with IP multicast
  • 13. Verification with LVS + Keepalived VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elastic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.101 VRRP Normal state Request routing path
  • 14. Verification with LVS + Keepalived VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elastic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.101 VRRP Upon failover Request routing path
  • 15. How to take over an IP address VPC is not using ARP to determine dest MAC address • Needs to provision the mapping b/w IP address and ENI Call AWS API to reassign VIP from Master to backup upon failover https://gist.github.com/kntyskw/5417140
  • 16. Keepalived configuration Execute the script when promoted to the master vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.31.24.1 dev eth0 } notify_master /etc/keepalived/assign_vip.sh }
  • 17. Advantages of using LVS UDP load balancing! • Neither ELB nor HAProxy can do LVS does not need to terminate TCP • Lower overhead No need to involve user land process • Lower latency • Higher throughput
  • 18. Quick benchmarking results sss LVS v.s. HAProxy • Both run on a m1.small instance • Tested to fetch a 4KB HTML file with BeesWithMachineGuns • Each of 8 bees will fire 2000 rounds, 10 at a time. 0 500 1000 1500 2000 2500 3000 3500 4000 4500 LVS HAProxy Requestperseconds Throughput 0 10 20 30 40 50 60 Average tp50 tp90 ResponseTimein[ms] Response Time LVS HAProxy
  • 19. Things to note when you depend on L2 VPC Subnet cannot span across multiple AZs ENI cannot reach a subnet in a different AZ Availability Zone Availability Zone VPC Subnet Availability Zone Availability Zone
  • 20. Building Multi-AZ architecture with LVS VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elatic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.1 01 VRRP If you can use multiple IP addresses • Use DNS RR as well as ELB does • Route53 Health Check can be used to detect failure Request flow VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.64.0/20 Secondary: 172.31.78.1 Primary: 172.31.78. 100 Primary: 172.31.78.101 VRRP Availability Zone Availability Zone Amazon Route 53
  • 21. Building Multi-AZ architecture with LVS VPC Subnet LVS + keepalived LVS + keepalived WebWebWeb 172.31.0.0/20 Elatic IP Secondary: 172.31.24.1 Primary: 172.31.24.100 Primary: 172.31.24.1 01 VRRP If you have to stick to one single IP address (e.g. due to NAT traversal issue for UDP based services) • Perform Heartbeating b/w VRRP master nodes and move EIP upon failover Request flow Availability Zone Availability Zone VPC Subnet LVS + keepalived WebWebWeb 172.31.64.0/20 Primary: 172.31.78.101 VRRP LVS + keepalived Secondary: 172.31.78.1 Primary: 172.31.78. 100
  • 22. Concluding remarks VPC gives you freedom on L2 which allows: • L2 NAT • L2 addressing • Pseudo Broadcast/Multicast Pseudo IP Multicast enables most applications which require IP multicast • Confirmed LVS + Keepalived works well LVS has advantages over other LBs depending on use cases • Don’t forget to build Multi-AZ architecture Use VPC and get more options for architecting!